Frequently Asked Questions
Would 'informal' communication with Clients on email (e.g. Clients sending emails about something that happened) also need to be subject to a level of password protection or encryption?
Where an email being sent contains any ‘special personal information’ it must be encrypted.
Online/ Video consultations: If doing online consultations on Zoom/Teams would this be acceptable? And how does this pertain to security of online consultations?
In order to record a consultation, the financial advisor must obtain consent from the client. The purpose of recording must also be understood and explained. The recording of the consultation should also be secured by storing the recording securely on the solution platform that can be encrypted.
If one keeps Client files/notes on a laptop, desktop or mobile device. do these devices need to be password protected / encrypted?
When files are shared which include personal information or special personal information, these files should be encrypted or protected.
Should you report data breach to the regulator?
In the event of a security or information breach where personal information has been compromised, the Information Regulator as well as any parties whose personal information has been accessed or acquired by an unauthorised party, should be notified.
Should you also report it to the regulator if you have a stolen cell phone with client cellphone numbers on it?
n the event of a security or information breach where personal information has been compromised, the Information Regulator as well as any parties whose personal information has been accessed or acquired by an unauthorised party, should be notified.
How Do You Secure Your Clients Telephone Numbers On Your Cell Phone? If It Is Stolen?
You should ensure that you have the necessary security measures in place on your device e.g. secure passwords; up to date antivirus software etc. In addition, the necessary technologies should be in place on a mobile device to ensure that if the item is stolen that all/any information can be wiped clean and thus removing all access to the perpetrator.